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rian  Ehorn  faces  a  touch  task.  1  he  man- 
ager  of  global  finance  Web  services  at  ■-■■ 
NationsBank  in  Chicago  wants  his  far- 
flung  organization  to  have  flister  access  to  key  bank  -  ' 
and  group  services  data.  So  he’s  creating 
tools  to  allow  remote  employees  —  and 
even  authorized  bank  customers  —  to 
see  this  data  as  if  they  were  attached 
to  the  corporate  intranet. 

Similarly,  Federal  Express 
Corp.’s  Jim  Candler,  vice  pres¬ 
ident  of  personnel  systems, 
is  convinced  that  enabling 
employees  to  see  and 
update  their  personal 
human  resources  data  is 
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a  good  thing.  So  Candler  and  his  HR 
team  have  created  an  environment  that 
lets  employees  inside  a  firewall  authen¬ 
ticate  themselves  and  query  and  alter 
their  own  data  through  a  special  FedEx 
browser. 

For  Jeremy  King  at  Bay  Networks, 
Inc.  in  Santa  Clara,  Calif.,  the  chal¬ 
lenge  goes  beyond  access  and  authen¬ 
tication.  For  the  project  manager  of 
this  leading  internetworking 
company,  consolidating  secu¬ 
rity  applications 
and  maintaining 
users  and  groups 
on  the  corporate 
intranet  is  proving  to 
be  more  than  a  day’s 
work. 

Though  these  com¬ 
panies  and  their  issues 
have  little  in  common, 
they  do  share  a  technology  remedy.  Ifs 
the  Lightweight  Directory  Access  Pro¬ 
tocol  —  or  LDAP  —  a  networking 
protocol  that  allows  end  users  to  more 
easily  navigate  the  choppy,  disparate 
directories  of  the  rough  distributed 
computing  waters. 

NationsBank,  FedEx  and  Bay  Net¬ 
works  are  all  in  various  stages  of  pilot¬ 
ing  and  implementing  LDAP,  which 
they  believe  will  empower  users  by  giv¬ 
ing  them  more  control  over  corporate 
information. 

How  so?  As  an  access  protocol  that 
comes  with  a  Web  browser  or  mail 
client,  LDAP  has  opened  up  possi¬ 
bilities  as  never  before  for  business¬ 
es.  Suddenly,  end  users  have  the  abil¬ 
ity  to  do  information  lookups,  adds 
and  deletes.  Administrators  can  pull 
information  from  native  application 
directories  into  LDAP-based  directo¬ 
ries  and  open  those  up  to  the  corpo¬ 
rate  intranet,  and,  by  extension,  the 
extranet. 

LDAP’s  popularity  stems  largely 
from  being  a  lowest  common  denom¬ 
inator,  according  to  Doug  Simmons, 
vice  president  of  consulting  services 


at  The  Radicati  Group  in  Palo  Alto, 
Calif.  And  though  LDAP  provides 
access  to  disparate  data  sources,  it  is 
limited  to  name,  address  and  phone 
number-type  information,  Simmons 
points  out. 

RAPPROCHEIVIEIMT 

LDAP  (a  pared-down  version  of  the 
X.500  access  protocol,  known  as 
Directory  Access  Protocol  or  DAP) 
has  found  quick  and 
universal  acceptance 
among  traditionally  war¬ 
ring  competitors.  Devel¬ 
oped  at  the  University  of 
Michigan,  it  is  easier  to 
implement  than  DAP, 
which  is  very  resource¬ 
intensive.  The  function- 

THE  LDAP  MARKET 
will  be  impacted  by 
Microsoft's  [Active 
Directory]  but  not 
eliminated  by  Microsoft." 

TIM  SLOANE,  ABERDEEN  GROUP 

ality  provided  by  LDAP  is  lighter 
weight,  but  Version  3.0  of  the  pro¬ 
tocol  has  addressed  some  of  the  short¬ 
comings  by  offering,  for  example, 
strong  authentication. 

By  providing  a  common  interface, 
LDAP  facilitates  synchronization  of 
directories  across  distributed  E-mail 
and  other  database  servers.  But  while 
it  is  popular  right  now,  Microsoft 
Corp.’s  new  Active  Directory  may 
change  the  equation,  networking 
experts  contend. 

And  contrary  to  the  claims  of  LDAP 
evangelists,  the  protocol  does  face  other 
challenges.  “LDAP  gives  us  a  better 
opportunity  to  develop  an  enterprise 
directory,  but  in  and  of  itself  does  not 
give  an  enterprise  a  consolidated  enter¬ 
prise  directory  because  legacy  direc¬ 
tories  are  not  based  on  LDAP,”  says 


Gary  Rowe,  principal  at  Rapport  Com¬ 
munication  in  Roswell,  Ga.  “To  bring 
this  together,  [we  need  a]  new  class  of 
products.” 

In  the  absence  of  tools,  organiza¬ 
tions  are  developing  their  own.  Ehorn’s 
staff  at  NationsBank  has  written  cus¬ 
tom  scripts  to  extract  information 
from  different  directories  residing  on 
Oracle  Corp.  and  Sybase,  Inc.  data¬ 
bases  distributed  throughout  the  coun¬ 
try.  The  data  is  then  imported  into 
Netscape  Communications  Corp.’s 
Directory  Server,  Version  3.0.  In  other 
words,  they  are  aggregating  informa¬ 
tion  from  multiple  sources  and  putting 
it  into  a  directory  service,  which  can 
be  used  by  a  certain  Web-enabled  pop¬ 
ulation. 

“The  clients  of  our  directory  will 
be  a  variety  of  Web  applications 
that  require  user  authentication, 
or  user  profile  information  that 
may  be  stored  in  the  directory,” 
Ehorn  says. 

The  use  of  LDAP  will  also 
enable  NationsBank  to  eventu¬ 
ally  build  extranets  and  lever¬ 
age  the  integration  of  the  rest 
of  the  Netscape  SuiteSpot  line, 
Ehorn  says.  This  approach  will 
“lower  the  cost  of  ownership  because 
of  centralized  administration  and  [will] 
decrease  development  time  as  appli¬ 
cations  have  one  data  store  about  peo¬ 
ple  and  groups,”  he  explains. 

RATIONALIZIIMG  SECURITY 

Security  is  key  for  Bay  Networks,  as 
well.  Before  June  1997,  when  Bay  saw 
its  first  LDAP  implementation,  the 
company  had  a  number  of  security  sys¬ 
tems,  King  says.  “We  had  Web  devel¬ 
opers  in  each  department,  each  with 
their  own  security,”  he  says.  “As  Web 
developers  sprouted,  they  created  their 
own  security  systems.” 

The  result  was  the  creation  of  as 
many  security  systems  as  applications. 
Some  users  could  have  up  to  15  pass¬ 
words.  King  said  the  company  is  down 
to  about  six  security  systems  and  the 
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number  will  go  down  even  more. 

King  has  ambidous  expansion  plans. 
For  example,  he  wants  to  implement 
digital  certificates  and  use  the  direc¬ 
tory  server  as  a  store  for  public  keys. 
Some  applications,  such  as  the  New 
Product  Introduction  Tool,  are  extreme¬ 
ly  sensitive  and  not  all  employees  on 
the  corporate  intranet  will  have  access 
to  them.  “It’s  here  that  digital  certifi¬ 
cates  will  come  in  handy,”  King  notes. 

FedEx,  on  the  other  hand,  is  using 
LDAP  not  only  for  humans  to  com¬ 
municate  with  machines  but  for 
intranet  applications  as  well.  Although 
all  of  its  applications  are  still  in  beta, 
FedEx  has  created  a  system  using  soft¬ 
ware  from  Entrust  Technologies,  Inc. 
in  Richardson,  Texas. 

Employees  sign  on  through  Entrust. 
Each  employee  gets  a  certificate  that  is 
also  stored  in  the  LDAP-based  direc¬ 
tory.  This  means  that,  unlike  in  the 
Internet  model,  a  user’s  certificate  does 
not  have  to  be  stored  on  a  particular 
PC,  Candler  explains.  This  does  not  tie 
a  user  to  a  particular  desktop  and  makes 


administration  a  lot  easier  in  an  orga¬ 
nization  where  thousands  have  intranet 
access. 

Once  in  the  directory  server,  employ¬ 
ees  have  access  to  “self-service”  HR 
information.  Seeker  Workplace  from 
Seeker  Software,  Inc.  in  Oakland, 
Calif,  provides  access  to  all  HR  data¬ 
bases,  regardless  of  the  platform.  Users 
can  change  their  phone,  fax  or  beeper 
number,  for  example,  on  the  HR  serv¬ 
er. 

Salaries  and  other  changes  can  be 
made  by  managers,  and  all  the  rules 
for  those  are  stored  in  the  directory 
server.  In  the  case  of  a  terminated 
employee,  HR  updates  the  personnel 
server  and  all  related  information  across 
the  network  is  changed  at  the  same 
time. 

The  directory  server  is  also  the 
repository  for  workflow  rules.  “Our 
LDAP  directory  stores  workflow 
enablers  —  job  code,  supervisor  level, 
location  code,  boss,  pin  number  of 
boss,”  Candler  says.  “Client/server 
applications  have  access  to  that  data.” 


Seeking  a  Master  View 


Ameta  directory,  says 
Gary  Rowe,  princi¬ 
pal  at  Rapport 

Communication  in  Roswell,  Ga., 
sits  in  the  middle  of  disparate 
directories  and  lets  them  communi¬ 
cate  with  each  other.  "It  under¬ 
stands  relationships  among  various 
directories,  so  it  can  tie  them 
together  using  an  overarching 
directory  structure,  like  X.500,  and 
weave  together  various  directo¬ 
ries,”  Rowe  says. 

LDAP  could  be  the  protocol  used, 
he  contends,  because  of  its  univer¬ 
sal  acceptance. 

The  chief  draw  of  the  meta  direc¬ 
tory  —  currently  provided  by  ven¬ 
dors  such  as  Control  Data  Systems, 


Inc.  in  Arden  Hills,  Minn.,  and 
Zoomit  Corp.  in  Toronto,  Canada  — 
is  that  unlike  directory  synchro¬ 
nization,  which  merely  takes  infor¬ 
mation  from  different  native  direc¬ 
tories  and  spits  it  back  out,  the 
meta  directory  creates  a  person 
object  into  which  it  puts  all  the 
information  about  that  person.  It 
thus  does  away  with  the  redundan¬ 
cies  of  traditional  directory  sys¬ 
tems. 

Also,  unlike  X.500,  it  does  not 
require  information  to  be  fully 
mapped  to  the  native  directories, 
Rowe  says. 

Tim  Sloane,  an  analyst  at 
Aberdeen  Group  in  Boston,  says  the 
meta  directory  is  a  concept  only 


This  means  that  an  application  that 
does  expense  reports  or  purchase 
orders  can  obtain  information,  such 
as  who  is  the  signing  authority  on  a 
particular  expense,  from  the  directo¬ 
ry  server,  he  explains. 

VENDOR  BANDWAGON 

So  while  consumers  in  the  business 
world  are  rushing  to  find  new  ways 
to  use  LDAP  to  bring  data  within  eas¬ 
ier  reach,  vendors  are  rushing  to  express 
their  support  for  LDAP  as  much 
through  action  as  through  the  spoken 
word. 

What  vendors  like  about  supporting 
LDAP  is  that  they  each  see  their  prod¬ 
uct  in  the  center  of  the  directory  uni¬ 
verse.  With  a  common  standard,  the 
focus  moves  from  access  to  ease  of 
implementation  and  performance.  “As 
more  people  write  LDAP  applications, 
it  takes  the  spotlight  off  access  and  puts 
it  on  the  back  end  of  the  directory,” 
says  Michael  Simpson,  director  of  prod¬ 
uct  marketing  at  Novell,  Inc.  in  Provo, 
Continued  on  page  6 


partially  implemented  today,  but 
the  concept  can  be  taken  to  differ¬ 
ent  extremes. 

And  there  will  be  learning  curves 
to  master  as  people  push  the  meta 
directory  concept  a  little  too  far 
and  find  that  as  they  try  to  store 
too  much  data  in  too  wide  a  span 
of  control,  management  becomes  a 
headache.  Then  they  will  have  to 
scale  back,  he  says. 

The  best  use  of  meta  directories, 
at  least  with  currently  available 
products,  is  to  solve  a  specific 
problem,  such  as  managing 
employee  names  across  applica¬ 
tions. 

"That's  a  bold  strategy  and  it  can 
be  done,"  Sloane  concludes. 
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I'VE  GOT  OUR  WHOLE  NETWORK  ON  MY  DESKTOP." 


*Mark  Wiesenberg  knows  all  about  bringing  things  down  to  size. 

His  company,  QUALCOMM,  is  putting  the  power  of  advanced  digital  wireless  communications  into  the 
palm  of  your  hand  with  its  compact  CDMA  digital  Q™  phone. 


And  his  network,  Novell®,  is  putting  the  power  of  seamless  networking  right  onto  his  users'  desktops. 
Novell  NetWare®  software  supparts  aver  4,000  users  on  a  single  server,  and  scales  up  easily  as 
200  workstatians  are  added  every  month.  And  Novell  Directory  Services™  technology  allows  his 
administrators  to  manage  the  entire  network  from  a  single  site  (including  NT,  Macf  Sun®and 
UNIX®  platforms). 

Shrinking  the  world  is  hard  work,  which  is  why  a  fast-paced,  fast-growing  company  like 
QUALCOMM  works  only  with  the  best.  That's  why  they  chose  Novell. 


Novell 


World.  Network.  QUALCOMM.  Novell.  Hand  in  hand,  desktop  to  desktop,  a  revolution  in  technology. 
www.novell.com 
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Continued  from  page  3 
Utah.  “The  question  then  becomes, 
‘Which  [directory]  is  more  reliable, 
secure  and  manageable,’  ”  he  says. 

And  all  vendors  think  their 
products  fit  the  bill.  Users 
and  analysts,  however,  know 
that  LDAP  has  its  short¬ 
comings. 

For  one,  users  need 
to  understand  the 
new  technology,  says 
Rick  Waugh,  systems 
analyst  at  BCTelecom, 

Inc.  in  Vancouver, 

Canada.  You  have  to 
figure  out  the  directory 
schema,  what  informa¬ 
tion  should  be  presented  to  users  and 
what  the  hierarchy  should  be.  “It  does¬ 
n’t  come  out  of  the  box  ready  to  go,” 
he  says.  “It  needs  design  work.” 

NationsBank’s  Ehorn  recognizes  the 
challenge.  Doing  schema  definition, 
identifying  data  sources  for  schema, 
providing  links  to  pull  existing  infor¬ 
mation  into  directories,  and  LDAP- 
enabling  all  the  applications  in  use  at 
the  bank  is  time-consuming  and  can 
become  political  as  departments  squab¬ 
ble  over  ownership  issues. 

One  area  that  becomes  especially 
challenging  is  trying  to  obtain  pieces 
of  information  from  data  repositories, 
bringing  them  to  the  LDAP  directory 
server,  and  keeping  the  record  keys  in 
the  server,  Simmons  says.  The  idea  is 
to  use  the  record  key  to  look  for  addi¬ 
tional  information  on  the  back-end 
database. 

META  DIRECTORIES 

A  new  concept  is  emerging  that  defines 
these  directories  that  manage  point¬ 
ers  to  other  databases.  The  term  “meta 
directory”  came  into  industry  parlance 
a  little  more  than  two  years  ago.  It  is 
used  to  denote  both  directories  that 
store  pointers  as  well  as  one  gigantic 
directory,  such  as  an  X.500  directory, 
that  is  a  repository  for  all  information. 
Two  key  features  of  a  meta  directory 


V 


are  that  it  has  the  intelligence  to  scan 
and  look  for  similarities  among  entries, 
and  it  provides  centralized  management 
(see  story  page  3). 

Meanwhile,  the  real  challenge  to 
LDAP  may  come  from  Microsoft’s 
Active  Directory,  which  will  be 
part  of  NT  Version  5.0,  the 
second  beta  of  which  will  be 
released  later  this  year  and 
is  expected  to  become  pro¬ 
duction-ready  by  the 
^  second  quarter  of  next 
year. 

It  is  true  that 
Active  Directory  will 
support  LDAP  natively  but 
that  is  not  all  it  will  support. 
On  the  front  end,  it  will  provide  the 
Active  Directory  Service  Interface, 
which  will  let  independent  software 
vendors  write  the  applications  that  use 

Not  Lightweight 

(to  them) 

A  SAMPLING  OF  SERVERS  THAT 
SUPPORT  LDAP 

LOTUS  DEVELOPMENT  CORP. 

Currently  shipping; 

Domino  Directory,  Version 
4.61  with  LDAP  2.0. 

Future  release:  Version  5.0  with 
LDAP  3.0 

MICROSOFT  CORP. 

Currently  shipping: 

NT  4.0.  Windows  NT  Directory 
Services  does  not  support  LDAP. 

Future  release;  NT  5.0  with  Active 
Directory  will  support  LOAP  3.0. 

NETSCAPE  COMMUNICATIONS 
CORP. 

Currently  shipping: 

Directory  Server,  Version 
3.0  with  LDAP  3.0. 

NOVELL,  INC. 

Currently  shipping: 

NOS  4.11  with  LDAP  2.0. 

Future  release:  NDS  5.0  with 
LDAP  3.0. 


the  Active  Directory;  on  the  back  end. 
Object  Linking  and  Embedding  Data¬ 
base  or  OLE  DB  —  an  interface  for 
accessing  different  types  of  data  regard¬ 
less  of  location  —  will  provide  access 
to  relational  and  nonrelational  data 
sources. 

For  example,  “Active  Directory  will 
have  a  ton  of  new  object  classes,  attrib¬ 
utes  and  object  relationships,  which  are 
useful  only  in  the  NT/Exchange/Win  tel 
environment,”  Radicati’s  Simmons  says. 
“These  objects  have  unique  names,  syn¬ 
tax,  object  identifiers  [and]  matching 
rules,  which  are  not  going  to  be  rec¬ 
ognizable  to  non-Active  Directory 
browsers  and  directories,  such  as 
LDAP.” 

Active  Directory  may,  therefore,  limit 
the  proliferation  of  pure  LDAP-based 
directories  that  Netscape  has  been 
championing.  “The  LDAP  market  will 
be  impacted  by  Microsoft,  but  not  elim¬ 
inated  by  Microsoft,”  says  Tim  Sloane, 
an  analyst  at  Aberdeen  Group,  Inc.  in 
Boston. 

Netscape,  however,  sees  meta  direc¬ 
tories  as  an  interim  solution  until 
LDAP  becomes  more  firmly 
entrenched.  “Over  the  long  term, 
LDAP  will  make  meta  directories  irrel¬ 
evant,  says  Frank  Chen,  group  prod¬ 
uct  manager  at  Netscape  in  Mountain 
View,  Calif 

The  meta  directory  issue  is  a  grow¬ 
ing  one  but  may  not  really  impress 
itself  on  the  industry  psyche  for  anoth¬ 
er  two  years,  industry  watchers  said. 

While  some  companies  will  choose 
something  off  center  and  off  standard, 
such  as  Active  Directory,  so  that  they 
can  couple  their  directories  more  tight¬ 
ly  with  their  operating  system,  others 
will  take  a  different  approach,  Sloane 
believes.  They  will  say  that  the  extranet 
is  important  to  them  and  they  need 
standards  to  manage  NT  and  other 
platforms.  And  the  way  to  do  it  will  be 
through  LDAP,  he  contends. 

Mohan  is  a  freelance  writer  in  Los 
Altos,  Calif. 
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PROJECT:  CORPORATE  DIRECTORY 

And  One  Directory  For  All 


By  Steve  Alexander 

Parsons  Corp.,  an  engi¬ 
neering  and  construc¬ 
tion  firm  in  Pasadena, 
Calif,  will  begin  using 
Lightweight  Directory- 
Access  Protocol  (LDAP) 
as  part  of  a  plan  to  link 
more  than  1 00  remote 
small  offices  and  con¬ 
struction  sites  to  its  corporate  network. 
An  LDAP-based  universal  corporate 
directory  will  initially  provide  organi¬ 
zation  charts,  employee  telephone  num¬ 
bers  and  personal  information.  Later  the 
directory  will  be  expanded  to  include  an 
existing  company  intranet  and  a  new 
extranet  that  will  have  hundreds  of  Web 
pages  about  individual  work  projects. 
Hayes  Latin,  project  manager  at  systems 
integrator  Perot  Systems  Corp.  explains 
the  project. 

WHAT  THEY’RE  DOING 

The  LDAP  directory  will  be  used  to  cap¬ 
ture  data  about  all  the  people  who  need 
to  access  information  in  the  organiza¬ 
tion,  including  contractors,  subcon¬ 
tractors,  consultants,  partners  and 
employees.  We  want  to  categorize  users 
by  the  organization  they  are  with,  the 
projects  they  are  on  and  the  levels  of 
access  they  have. 


often  have  to  call  a  building  and  talk  to 
the  guard  station.  The  larger  buildings 
had  their  own  directories,  but  there  was 
no  central  directory. 

When  the  corporatewide  intranet  and 
extranet  are  rolled  out  in  six  to  eight 
months,  they  will  help  the  company  pro¬ 
mote  collaboration.  People  will  be  able 
to  send  documents  and  drawings  back 
and  forth  to  the  remote  sites. 

HOW  THEY’RE  DOING  IT 

Parsons  will  deploy  Oblix,  Inc.’s  Intra- 
Power  Suite  2.5,  a  tool  that  allows  IS 
to  assign  security  rights  to  each  field  with¬ 
in  the  LDAP  server.  Using  Oblix,  Par¬ 
sons  can  say  that  certain  fields  are  update¬ 
able  by  users,  while  others  are  updateable 
only  by  company  officials.  In  the  future. 
Parsons  will  limit  the  fields  to  determine 
what  can  be  viewed  by  whom.  Parsons 
hasn’t  decided  whether  LDAP  will  run 
on  Windows  NT  or  Unix. 

TECHNICAL  CHALLENGES 

The  plan  is  for  any  new  application 

"By  having  a  centralized  directory,  you  put 
the  data  in  once.  When  people  leave, 
you  can  remove  them  from  the  central 
directory  and  they  have  been  removed 
from  all  applications." 


HAYES  LATIN 
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in  the  next  three  to  six  months  to  be 
LDAP-compliant.  But  it’s  question¬ 
able  whether  this  will  work  because 
some  mission-critical  applications  aren’t 
LDAP-compliant  and  won’t  ever  be. 
We  may  have  to  maintain  separate 
directories  for  our  homegrown  finan¬ 
cial  system,  which  runs  on  an  IBM 
AS/400,  and  our  home¬ 
grown  materials  man¬ 
agement  system,  which 
runs  on  an  IBM 
RS/6000.  It  might  be 
too  much  of  an  effort  to 
make  those  legacy  sys¬ 
tems  work  with  an  LDAP  directory. 

The  company  must  figure  out  how  to 
replicate  the  directory  database  to  other 
servers  in  the  network. 

TOOLS 

In  addition  to  IntraPower,  Netscape 
Directory  3.0  is  the  directory  server. 

COSTS 

The  LDAP  directory  and  the  Oblix 
interface  were  justified  by  the  uni¬ 
versal  corporate  directory  function. 
IS  was  sold  on  the  network  security 
and  application  security  aspects. 

RETURN  ON  INVESTMENT 

Management  justified  the  expenditure 
on  the  convenience  and  utility 
of  LDAP. 

ADVICE  TO  OTHERS 

It  might  be  too  cumbersome 
to  rework  legacy  applications 
to  fit  the  LDAP  model.  But  if 
you  shift  to  Web-based  applica¬ 
tions,  you  need  to  be  concerned 
about  security.  That’s  where 
LDAP  is  of  value. 


^WHAT'S  ONLINE 


For  an  expanded  view  of 
this  project  with  RealAudio 
clips,  point  your  browser  to 

www.computerworld.com/intranets 


BENEFITS 

By  having  a  centralized  directory,  you 
put  the  data  in  once.  When  people  leave, 
you  can  remove  them  from  the  central 
directory  and  know  they  have  been 
removed  from  all  applications. 

The  universal  directory  also  will  auto¬ 
mate  something  that  has  been  largely 
manual.  To  find  someone  today,  you’d 
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